NAT Problems on Windows2000 !!!

allan55 (Technical User, US), Dec 16, 2000
Can anyone share his/her expertise on how to configure NAT on Windows2000 Adv server?

I followed the wizard to set up NAT from the Routing and Remote Access console. The NAT server can access the Internet, but the client can't.

Here is the configuration I did on the NAT server.

1. Assign 192.168.0.10 private address to NAT server.
2. Set up DNS & DHCP on NAT server
3. On DHCP scope options:
Point DNS server to 192.168.0.10 NAT server address

Run ipconfig /renew from client PCs (Windows 2000 Professional): DHCP service is working fine.

Please give me a clear picture of how to set it up.

Thanks,
Allan

 
The clients need to have your NAT-enabled server's IP as default gateway.
Also, it's better to provide the clients with the DNS server IP from the internet provider ...

In the configuration of NAT, did you check that your internal interface is 'private' and the other one is 'public'?

After filling in the gateway address on your clients (or providing this address in the DHCP scope options on the server and releasing/renewing the IP on the client), can you try pinging an IP on the internet? If that works, your NAT router is working fine.
Then you can try pinging a DNS name (if that works as well, you are fully operational...)

Hope this helps

Peter Van Eeckhoutte
peter.ve@pandora.be
 
Did you have any luck Allan with this? I get the same problem after following the help files.

The clients are not routed to the internet. They can resolve IPs but I think this is just the NAT's little DNS thing at work :(

Any help appreciated.
 
Is there a firewall between the clients & the internet?
Can you ping an internet address from the NAT server?
Can you try to do a tracert to an IP on the internet when the firewall has been turned off?
(you should see the packet going to the local IP of the NAT server (192.168.0.10), and then to the internet)
Are you sure the gateway addresses are filled in correctly on the client?
Can you ping the gateway address 192.168.0.10?
Peter Van Eeckhoutte
peter.ve@pandora.be

 
Peter,

I can ping ip addresses and domain names on the client. I can't get a browser connection or pick up my pop3 mail.

The browser does not have a proxy enabled.

I am using the Whistler beta. Everything looks identical to Win2K.

Any ideas?
Fred Aker
 
So you can ping the pop3 server, but you cannot access it
(both from the client)?
Weird stuff... the NAT / Routing is working fine, this beats me...
Let me think about it
Peter Van Eeckhoutte
peter.ve@pandora.be

 
Peter

I see in the Windows ME browsers (IE & NS) that the DNS is being resolved. It is almost as if the answer is being blocked / filtered. I have no filters set. Possibly Whistler blocks everything incoming and I will have to manually set up applications.

I appreciate any insights.

Fred
 

Hmmm strange stuff

Can you try to telnet to an smtp server on port 25
or to a pop3 server on port 110
or to a webserver on port 80

(just to see if these ports are blocked or not)
Peter Van Eeckhoutte
peter.ve@pandora.be

 
I can ping the general address, but not telnet to those ports.
Fred
 
I found the problem. Even though the proxy was turned off in the browsers, the Microsoft Proxy client was running on the client machine.

I deinstalled the proxy client and everything worked.

Thanks for the help.
Fred
 
Great... I'm glad you found it
Peter Van Eeckhoutte
peter.ve@pandora.be
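
The checks suggested in the posts above (ping the gateway, ping an internet IP, resolve a name, then open TCP ports 25, 110 and 80), written as a small script. This is an added example, not code from any poster in the thread; the function names and the result labels are assumptions made for illustration.

```python
import platform
import socket
import subprocess

def ping(host):
    """One ICMP echo via the system ping command; True if it succeeded."""
    flag = "-n" if platform.system() == "Windows" else "-c"
    result = subprocess.run(["ping", flag, "1", host], capture_output=True)
    return result.returncode == 0

def resolves(name):
    """True if the DNS server configured on this client resolves the name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def tcp_probe(host, port, timeout=3.0):
    """Same test as 'telnet host port': can a TCP session be opened?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, no route, or dropped by something in the path
        return "unreachable"

def diagnose(gateway_ping, internet_ping, dns_ok, tcp_states):
    """Map the results of the checks to the area to look at next.
    The labels returned here are made up for this example."""
    if not gateway_ping:
        return "client-config"   # client IP settings / gateway address
    if not internet_ping:
        return "nat-routing"     # default gateway, private/public interfaces
    if not dns_ok:
        return "dns"             # client DNS setting or server forwarders
    if any(state != "open" for state in tcp_states.values()):
        return "tcp-blocked"     # filter, firewall or proxy client software
    return "ok"

# Constructed sample: ping and name resolution work, ports 25/110/80 do not.
SAMPLE_TCP = {25: "unreachable", 110: "unreachable", 80: "unreachable"}
SAMPLE_RESULT = diagnose(True, True, True, SAMPLE_TCP)

if __name__ == "__main__":
    print(SAMPLE_RESULT)
```

The `tcp-blocked` result with working ping and DNS is the pattern reported in this thread, where the cause turned out to be the Microsoft Proxy client running on the workstation.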

 
Hi M. Eeckhoutte,

I read one of your replies in another forum on NAT, and there are some things which I can't get to work.

I first installed the NAT as Microsoft says, but it didn't work. I had to put a DNS (from the ISP) on each client machine (server=win2k server, running DHCP and DNS servers, clients are all Win2k workstations) to make it work. Works fine, but the client is on an unlimited home account (meaning that he has to disconnect when not needed), not on a dedicated line.

NAT does its job of connecting on demand, and disconnecting when not needed. But the problem is that NAT tries to reconnect every 4-5 minutes, 24 hours/day. So either the client gets connected all the time, or reconnects hundreds of times per day. Both situations that the ISP doesn't want. From the logs, I noticed that all the machines on the network always go to the Internet name server to get any info on names or IP address. This seems to be the reason why the NAT reconnects every 4-5 minutes.

I tried to put the public interface IP address (192.168.1.29) instead of the ISP DNS server IP address. I can ping any IP address, but I cannot resolve names (host not found).

I tried to use the forwarder, as you suggested in one of your replies, but if I go in the snap-in mmc, it tells me that the forwarders are not available, because this is a root server.

Also changed IGMP from proxy to router, but to no effect. Also disabled DHCP in NAT, as you suggested.

Thank you in advance,

Pierre Forget
 
The reason you can't set up forwarders is your DNS thinks it's the top level DNS server. Delete the . forward lookup zone and create a new forward lookup zone for your domain. This will allow you to set up forwarders.
 
That is correct
---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 
Hi again,

Finally managed to get the forwarder going (rebooted the server, just to make sure). But it seems that it was just a displacement of the problem.

The public interface needs to be connected for the first time, otherwise, the workstations won't trigger the dial-up on demand. Once it has done it once, then it will reconnect on demand. This I don't understand...

But I still have the same problem, meaning that the dialup reconnects every 3-5 minutes, even if there is no activity on the Internet from all the workstations. Meaning here, all the browsers are closed and mail utilities are closed. I had a problem before with Norton Liveupdate, which wanted to check every 5 minutes for updates. But this has been taken care of.

The only difference with the forwarder is:

If I check in the logs (the system is in French, so pardon me the translation), I get:

192.168.1.10 (server) has sent a packet to 207.107.108.2 (ISP's DNS server) which has triggered the public interface.

While before I would get the same message, but with the IP of the different workstations, instead of the server IP.

My only goal is this: Have a real NAT dialup on demand (meaning only when a workstation needs to go to the Internet) and disconnect after 20 minutes, and not reconnect every time that a name (or else...) needs to be resolved on the local network.

Is that possible? (sometimes, I wonder...)

Thank you for your patience,

Pierre Forget
 
How do I check and correct replication from the primary DNS?

Thank you,

Pierre Forget
 
Hi,

Sorry to bother you again with the same problem. Just to know if you have any clue on the ever reconnecting NAT, discussed previously on this thread. Or if you think you may find a solution.

Thank you for the effort,

Pierre Forget
 
I saw something that you had responded to on an earlier thread and was wondering if you could help me out. Windows 2000 server active directory, DNS settings to be exact, are killing me. I'm used to NT servers and have set up some 2000 servers but recently had my first experience setting up a 2000 server with 2000 Professional. I can't get them to log on correctly. It seems as though the server doesn't authenticate them. I can log on as administrator but it takes about a minute and then I have to log on to each network drive individually. Please help!! Thanks, Daren drsd@hotmail.com
 
Daren,

Windows 2000 uses DNS to find a domain controller.
Assuming that you've already configured your server as an Active Directory Domain controller (by running dcpromo), and that DNS is working properly....

-> On your server : DNS should point to itself
-> On your clients : DNS should point to the server

Make sure you create an account for each user in Active Directory (not locally on the server, but in the Active Directory Users & Computers snap-in...)
Configure your workstation to be part of the domain (don't forget to fill in the DNS suffix field under 'network identification')
(right click 'My Computer')

---------------------------------------------------------------------
I have not failed, I've just found 10,000 ways that don't work
---------------------------------------------------------------------
Peter Van Eeckhoutte
peter.ve@pandora.be
 